Updated on 2023-03-02 GMT+08:00

Step 1: Analyzing All Processes

This section describes how to use Process Explorer to tell Trojans apart from official Windows processes.

Prerequisites

You have downloaded Process Explorer.

Procedure

  1. Open the ProcessExplorer folder and double-click the procexp64.exe file.

    Figure 1 processExplorer

  2. In the dialog box that is displayed, click Agree to view the process information and check the processes online.

    Figure 2 Viewing the current process

  3. On the menu bar, choose Options > VirusTotal.com, and select Check VirusTotal.com and Submit Unknown Executables.

    Figure 3 options > VirusTotal.com

    The system compares the hash values of the current processes with those in the VirusTotal database to quickly detect Trojans.

    Figure 4 Process Explorer - Sysinternals

  4. Check the value in the VirusTotal column. Right-click a process name and choose Properties from the shortcut menu. In the dialog box that is displayed, click Image to view the process path and determine whether the process is a Trojan.

    Figure 5 Checking whether a program is a Trojan horse program
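
The following PowerShell script is an added example, not part of the original procedure or of Process Explorer. It collects the evidence that steps 3 and 4 inspect by hand (image path, SHA-256 hash, and signature status of each running executable) and lists the entries that need review. The table of expected paths for well-known Windows process names is an assumption chosen for illustration, not a complete baseline.

```powershell
# Added example. Run from an elevated PowerShell session; processes whose
# image path cannot be read (for example, System) are skipped.

# Assumed locations for a few official Windows processes (illustrative only).
$sys32 = Join-Path $env:SystemRoot 'System32'
$expected = @{
    'svchost.exe'  = Join-Path $sys32 'svchost.exe'
    'lsass.exe'    = Join-Path $sys32 'lsass.exe'
    'services.exe' = Join-Path $sys32 'services.exe'
    'winlogon.exe' = Join-Path $sys32 'winlogon.exe'
    'csrss.exe'    = Join-Path $sys32 'csrss.exe'
    'explorer.exe' = Join-Path $env:SystemRoot 'explorer.exe'
}

$report = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    Group-Object ExecutablePath |          # hash and verify each image once
    ForEach-Object {
        $path = $_.Name
        $name = Split-Path $path -Leaf
        $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        $want = $expected[$name]           # hashtable lookup is case-insensitive
        [pscustomobject]@{
            Name         = $name
            PIDs         = ($_.Group.ProcessId -join ',')
            Path         = $path
            SHA256       = $hash.Hash      # the value to look up on VirusTotal
            Signature    = $sig.Status
            Signer       = $sig.SignerCertificate.Subject
            # True when a well-known name runs from somewhere other than its expected path.
            PathMismatch = [bool]($want -and ($path -ne $want))
        }
    }

# Review first: images without a valid signature, or official names in the wrong place.
$report |
    Where-Object { $_.PathMismatch -or $_.Signature -ne 'Valid' } |
    Sort-Object PathMismatch -Descending |
    Format-Table Name, PIDs, Signature, PathMismatch, Path -AutoSize

# Keep the full inventory, including hashes, for later comparison.
$report | Export-Csv -Path .\process-inventory.csv -NoTypeInformation
```

An entry in the review list is a starting point for step 4, not a verdict: legitimate third-party software is often unsigned, so confirm each one by its path and its VirusTotal result.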